Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitc0549ce

Browse files
committed
Teach contain_leaked_vars that assignment SubscriptingRefs are leaky.
array_get_element and array_get_slice qualify as leakproof, sincethey will silently return NULL for bogus subscripts. Butarray_set_element and array_set_slice throw errors for such cases,making them clearly not leakproof. contain_leaked_vars was evidentlywritten with only the former case in mind, as it gave the wrong answerfor assignment SubscriptingRefs (nee ArrayRefs).This would be a live security bug, were it not that assignmentSubscriptingRefs can only occur in INSERT and UPDATE target lists,while we only care about leakproofness for qual expressions; so thewrong answer can't occur in practice. Still, that's a rather shakyanswer for a security-related question; and maybe in future somebodywill want to ask about leakproofness of a tlist. So it seems wise tofix and even back-patch this correction.(We would need some change here anyway for the upcominggeneric-subscripting patch, since extensions might make differenttradeoffs about whether to throw errors. Commit558d77f attemptedto lay groundwork for that by asking check_functions_in_node whether aSubscriptingRef contains leaky functions; but that idea fails now thatthe implementation methods of a SubscriptingRef are not SQL-visiblefunctions that could be marked leakproof or not.)Back-patch to 9.6. While 9.5 has the same issue, the code's a bitdifferent. It seems quite unlikely that we'd introduce any actual bugin the short time 9.5 has left to live, so the work/risk/reward balanceisn't attractive for changing 9.5.Discussion:https://postgr.es/m/3143742.1607368115@sss.pgh.pa.us
1 parentc6f8d17 commitc0549ce

File tree

1 file changed

+17
-1
lines changed

1 file changed

+17
-1
lines changed

‎src/backend/optimizer/util/clauses.c

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1409,7 +1409,6 @@ contain_leaked_vars_walker(Node *node, void *context)
14091409
caseT_ScalarArrayOpExpr:
14101410
caseT_CoerceViaIO:
14111411
caseT_ArrayCoerceExpr:
1412-
caseT_SubscriptingRef:
14131412

14141413
/*
14151414
* If node contains a leaky function call, and there's any Var
@@ -1421,6 +1420,23 @@ contain_leaked_vars_walker(Node *node, void *context)
14211420
return true;
14221421
break;
14231422

1423+
caseT_SubscriptingRef:
1424+
{
1425+
SubscriptingRef*sbsref= (SubscriptingRef*)node;
1426+
1427+
/*
1428+
* subscripting assignment is leaky, but subscripted fetches
1429+
* are not
1430+
*/
1431+
if (sbsref->refassgnexpr!=NULL)
1432+
{
1433+
/* Node is leaky, so reject if it contains Vars */
1434+
if (contain_var_clause(node))
1435+
return true;
1436+
}
1437+
}
1438+
break;
1439+
14241440
caseT_RowCompareExpr:
14251441
{
14261442
/*

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp